Search
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7620 | 1 Elastic | 1 Logstash | 2020-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding. | |||||
| CVE-2016-10363 | 1 Elastic | 1 Logstash | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and can cause the Logstash process to exit. | |||||
| CVE-2015-5378 | 2 Elastic, Elasticsearch | 2 Logstash, Logstash | 2019-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server. | |||||
| CVE-2016-1000221 | 1 Elastic | 1 Logstash | 2019-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information. | |||||
| CVE-2016-1000222 | 1 Elastic | 1 Logstash | 2019-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data. | |||||